package org.apache.syncope.sra.security.saml2;

import java.net.URI;
import org.apache.syncope.sra.security.pac4j.NoOpSessionStore;
import org.apache.syncope.sra.security.pac4j.ServerWebExchangeContext;
import org.apache.syncope.sra.security.pac4j.ServerWebExchangeHttpActionAdapter;
import org.apache.syncope.sra.session.SessionUtils;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.exception.http.HttpAction;
import org.pac4j.saml.client.SAML2Client;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/apache/syncope/sra/security/saml2/SAML2WebSsoAuthenticationRequestWebFilter.class */
public class SAML2WebSsoAuthenticationRequestWebFilter implements WebFilter {
    private static final Logger LOG = LoggerFactory.getLogger(SAML2WebSsoAuthenticationRequestWebFilter.class);
    public static final String AUTHENTICATE_URL = "/saml2/authenticate";
    private static final ServerWebExchangeMatcher MATCHER = ServerWebExchangeMatchers.pathMatchers(new String[]{AUTHENTICATE_URL});
    private final SAML2Client saml2Client;

    public SAML2WebSsoAuthenticationRequestWebFilter(SAML2Client sAML2Client) {
        this.saml2Client = sAML2Client;
    }

    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        return MATCHER.matches(serverWebExchange).filter((v0) -> {
            return v0.isMatch();
        }).switchIfEmpty(webFilterChain.filter(serverWebExchange).then(Mono.empty())).flatMap(matchResult -> {
            return serverWebExchange.getSession();
        }).flatMap(webSession -> {
            LOG.debug("Creating SAML2 SP Authentication Request for IDP[{}]", this.saml2Client.getIdentityProviderResolvedEntityId());
            this.saml2Client.setStateGenerator(callContext -> {
                return ((URI) webSession.getRequiredAttribute(SessionUtils.INITIAL_REQUEST_URI)).toASCIIString();
            });
            ServerWebExchangeContext serverWebExchangeContext = new ServerWebExchangeContext(serverWebExchange);
            return (Mono) this.saml2Client.getRedirectionAction(new CallContext(serverWebExchangeContext, NoOpSessionStore.INSTANCE)).map(redirectionAction -> {
                return ServerWebExchangeHttpActionAdapter.INSTANCE.m23adapt((HttpAction) redirectionAction, (WebContext) serverWebExchangeContext);
            }).orElseThrow(() -> {
                return new IllegalStateException("No action generated");
            });
        }).onErrorResume(Mono::error);
    }
}
